07-02-2007, 06:57 PM
[eluser]Aaron L.[/eluser]
Hello,
I am trying to submit my form to a function which validates my form before inserting it into the DB. In this function, I am attempting to use prep_for_form (documentation). The problem is, when I fill in the form with something like "I'm", I still get an SQL error because the ' is there.
Here is my code:
Code:
    $this->load->library('validation');

    // Set the validation rules
    $rules['subject'] = "prep_for_form|required|xss_clean";
    $rules['message'] = "prep_for_form|required|xss_clean";
    $rules['to_nick'] = "trim|required|xss_clean";
    $this->validation->set_rules($rules);

    // Set field names for validation error messages
    $fields['subject'] = 'Subject';
    $fields['message'] = 'Message';
    $fields['to_nick'] = 'To Nickname';
    $this->validation->set_fields($fields);

    if ($this->validation->run() == FALSE)
    {
        echo "Error";
    }
    else
    {
        // $subject and $message are interpolated straight into the SQL string
        $this->db->query("INSERT INTO messages (subject, message) VALUES ('$subject','$message')");
        echo "SUCCESS!!";
    }
Do you know what's going on here? I'm stumped...
Aaron
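
Added example, not part of the original post: the INSERT above fails on "I'm" because the value is placed inside the SQL string itself, so the apostrophe ends the literal early regardless of the validation rules. The sketch below reproduces that next to a bound-parameter version; PDO with an in-memory SQLite table stands in for the poster's database (assumption: pdo_sqlite is installed), and the function names and sample values are constructed for illustration.

```php
<?php
// Constructed stand-in for the poster's "messages" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (subject TEXT, message TEXT)');

// Constructed form input containing apostrophes, as in the post.
$subject = "I'm";
$message = "It's working, isn't it?";

// 1) Interpolated query, same shape as the post: the apostrophe in the
//    value closes the SQL string literal and the statement no longer parses.
function insert_interpolated(PDO $pdo, $subject, $message)
{
    try {
        $pdo->exec("INSERT INTO messages (subject, message) VALUES ('$subject','$message')");
        return 'ok';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// 2) Bound parameters: the SQL text is fixed and the values travel
//    separately, so quotes in the data are stored as data.
function insert_bound(PDO $pdo, $subject, $message)
{
    $stmt = $pdo->prepare('INSERT INTO messages (subject, message) VALUES (?, ?)');
    $stmt->execute(array($subject, $message));
    return (int) $pdo->query('SELECT COUNT(*) FROM messages')->fetchColumn();
}

echo insert_interpolated($pdo, $subject, $message), "\n";
echo 'rows after bound insert: ', insert_bound($pdo, $subject, $message), "\n";

// The stored value is byte-for-byte what the user typed.
$row = $pdo->query('SELECT subject, message FROM messages')->fetch(PDO::FETCH_ASSOC);
var_dump($row['subject'] === $subject, $row['message'] === $message);
```

In CodeIgniter the same separation is available through query bindings, i.e. passing the values as the second argument: `$this->db->query("INSERT INTO messages (subject, message) VALUES (?, ?)", array($subject, $message))`.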